Lesson from Atlanta: Don’t Take Ransomware Lightly

A late-March ransomware attack on the City of Atlanta underscores the importance of hardening IT environments against cyber threats. Ten days after the March 22 attack, some of Atlanta’s systems still were not restored, with police officers having to file paperwork manually and residents unable to pay parking tickets and water bills online.

The attack, which temporarily shut down the municipal court system, employed a ransomware variant called SamSam. The variant has proven particularly effective for hackers by exploiting system vulnerabilities and guessing weak passwords. Though ransomware often gets into networks through phishing, it also uses exploits to spread infection. Such was the case with the widespread 2017 WannaCry and Petya infections.

Ransomware attacks are all too common. They cost victims $5 billion in 2017, a fivefold increase from $1 billion the previous year. Ransomware is so lucrative for attackers because victims don’t protect their systems and data properly. For instance, Atlanta had been forewarned of its vulnerabilities but didn’t take enough steps to correct them.

No one is immune to ransomware attacks – from small businesses to large organizations to municipal and federal agencies. As Atlanta struggled to recover, Baltimore suffered an attack that shut down its 911 system for hours. Ransomware is a serious problem, and MSPs need to be aware of its dangers to work with clients to defend against it.

MSP Role

When clients turn over control of their IT environments to MSPs, the providers become the stewards of client systems and data. With that comes the awesome responsibility of protecting those environments. To help prevent clients from becoming the next Atlanta, MSPs should take advantage of threat intelligence feeds to stay up to date on current threats. In addition, here are some steps MSPs can take immediately to protect client environments:

Risk Assessment – Persuade clients that they need to subject their environments to a thorough assessment to find vulnerabilities, weigh risks, begin addressing those vulnerabilities and prepare a risk-mitigation plan.

User Education – From the top executives to rank-and-file employees, all users within client organizations need education on cyber threats. Education should be delivered on a continuum to remind users of their responsibilities in helping to secure company data and how to spot threats.

Patch Management – WannaCry used a well-known exploit to quickly spread an infection that traversed company networks and country borders. A patch had been issued for the exploit but too many organizations failed to apply it. MSPs should leverage automated patch management and insist clients keep all software and security systems up to date. Clients that refuse should be told to find a different provider.

Data Backup – The most basic ransomware defense is to back up all critical business data. As with patch management, MSPs should require clients to have a reliable backup strategy – and talk clients into letting the MSP manage it for them by using automated cloud backup with built-in redundancy.

Endpoint Security – Advanced endpoint protection covers the basics such as AV scans but also delivers threat intelligence and analysis to help defend against new ransomware variants and previously unknown (zero-day) threats. This is a service MSPs need to provide to ensure all client endpoints, including mobile phones, are secure.

Atlanta will likely feel the effects of the ransomware attack for a long time. The same would be true of any large organization without the proper defenses in place. Small businesses are especially vulnerable due to their lack of resources, and may never fully recover. MSPs must ensure their clients understand what’s at stake with ransomware – possibly even the survival of the business.